869616d75cde2642dc04704a4ae6e3c040422f55c3bb79ff270ff52b21fe1959 | Triage

Analysis

max time kernel
78s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 22:09

Sharing

Report Analysis Logs

General

Target

Pinger1.bat
Size

1KB
MD5

2bd516d3ad42df425e23b2f755be0f5b
SHA1

1ebc0c9fc21aef94e381d826a51366c7c7ae162f
SHA256

869616d75cde2642dc04704a4ae6e3c040422f55c3bb79ff270ff52b21fe1959
SHA512

de10e1f3cd7c2299f1d6498e9379ae68432475ae9a3d7017c826936240f006350e5e166cc4d798ecdcadc249455af040fff73590f636698e077a4d6f59e9d052

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 3804	3768	cmd.exe	93
PID 3768 wrote to memory of 3804	3768	cmd.exe	93
PID 3768 wrote to memory of 2260	3768	cmd.exe	94
PID 3768 wrote to memory of 2260	3768	cmd.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Pinger1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Windows\system32\msg.exe
  msg * parrot.live are fucking u!
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads